Cybercriminal group Storm-1865 is deploying social-engineering attacks on hospitality businesses, using a method known as “ClickFix”, where victims receive fake error or system notifications. Following the attackers’ instructions, victims either visit a malicious website or download malware directly. The criminals impersonate Booking.com to prompt users to provide financial details and login credentials. The Microsoft security research team points out this tactic has enabled Storm-1865 to evade many antimalware tools.

Edimax Camera RCE Vulnerability Exploited to Spread Mirai Malware
The Akamai Security Intelligence and Response Team (SIRT) has issued an alert about a command injection vulnerability in Edimax’s Internet of Things (IoT) devices. The